All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Kara Sprague, CEO, HackerOne.
In this episode:
• Shadow AI as a control problem
• Rethinking identity for autonomous agents
• When process meets momentum
• Beyond blocking: channeling AI usage
Huge thanks to our sponsor, HackerOne
Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/
Apple just rewrote the rules of device security with a chip-level upgrade that could wipe out most iPhone vulnerabilities overnight. Find out how "memory integrity enforcement" aims to make exploits a thing of the past—and why it took half a decade to pull off. Are Bitcoin ATMs anything more than scamming terminals? Ransomware hits the Uvalde school district and Jaguar. Did "Scattered LapSus Hunters" just throw in the towel? Germany, for one, to vote "no" on Chat Control. Russia's new MAX messenger has startup troubles. Samsung follows Apple's WhatsApp patch chain. Shocker: UK school hacks are mostly by students. HackerOne was hacked. Connected washing machines in Amsterdam hacked. DDoS breaks another record. Bluesky to implement conditional age verification. Enforcement actions for Global Privacy Control. Might Apple have finally beaten vulnerabilities? Show Notes - https://www.grc.com/sn/SN-1043-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT vanta.com/SECURITYNOW threatlocker.com for Security Now bitwarden.com/twit Melissa.com/twit
The Great Firewall of China, Jaguar Land Rover, Workday, Facebook, Tenable and Qualys, HackerOne and so much more are all part of this week's breaches!
More than 7.5 million global cyber incidents were reported in the first half of 2025, a 19% rise on the same period last year. To combat the surge in attacks, Integrity360 is announcing an exclusive Irish partnership with global bug bounty leader HackerOne. This partnership gives businesses direct local access to a trusted network of more than two million ethical hackers, delivering real-time vulnerability discovery and remediation before threats can be exploited. Cyber attacks are increasing in both sophistication and volume, with large organisations - particularly those with web-facing infrastructure - experiencing relentless attempts to identify and exploit weaknesses. While traditional penetration testing and red teaming remain essential, a well organised bug bounty programme takes cyber security to the next level. Integrity360's collaboration with HackerOne adds an 'always-on' layer of human-led testing, giving enterprises continuous visibility into emerging threats and an attacker's eye view of their systems. Drawing on HackerOne's global community of security researchers, Integrity360 identifies vulnerabilities that automated tools might miss. With access to over two million ethical hackers, security teams can prioritise and remediate critical risks faster - a capability that would be virtually impossible for any single organisation to replicate in-house. Furthermore, you only pay for exposures that are discovered, providing excellent return on investment. The collaboration expands the cyber security testing portfolio of Integrity360, enabling delivery of an end-to-end service that spans scheduled assessments, red teaming, and continuous researcher-led testing. While HackerOne underpins the platform with its unparalleled crowd-powered expertise, Integrity360 ensures seamless integration into clients' security programmes. "Technology alone can't match the creativity and persistence of a determined attacker," said Richard Ford, CTO at Integrity360. 
"By partnering with HackerOne, we are enabling organisations to tap into a vast, global community of security researchers who continuously probe for weaknesses. This is proactive defence in action, which is designed to uncover and fix issues before they become security incidents." John Addeo, VP of Global Channels at HackerOne, said: "Integrity360 brings deep enterprise security expertise, while our hacker community provides real-world insight that tools alone can't deliver. Together, we help organisations find and fix vulnerabilities faster, reducing their attack surface in an increasingly complex threat environment." The move reflects a wider industry shift from periodic, compliance-driven assessments to continuous, community-powered protection. As cyber threats continue to evolve, the ability to detect and respond to vulnerabilities in real-time will become a critical benchmark for effective cyber defence.
What's up everyone, today we have the pleasure of sitting down with Kevin White, Head of GTM Strategy at Common Room. (00:00) - Intro (01:00) - In This Episode (02:59) - How to Design a Super IC Role for Senior Marketers (09:11) - How to Get Comfortable With Public Visibility as an Introverted Leader (10:39) - Using Empathy and Product Demos to Build Authentic GTM Strategies (16:52) - How to Use Pain Points to Make Personalization Work (19:21) - How to Use Buyer Behavior Signals to Improve Outreach Timing (21:36) - Leveraging GitHub Signals to Drive High-Conversion Micro Campaigns (24:57) - Smarter Account Prioritization With Buyer Signals (29:02) - Why Messaging Drives GTM More Than Signals and Plays (31:16) - Why Overengineered Tech Stacks Fail GTM Teams (35:05) - Why AI SDR Agents Need Structured Coaching to Work (41:43) - Why The Last Mile Of AI Marketing Still Belongs To Humans (43:57) - AI Sharpens the Divide Between Experts and Amateurs (45:46) - Why Declaring Human-Written Outreach Gets Better Responses (48:00) - Futureproofing Operations Skills Through Challenge Driven Learning (51:46) - Why Data Warehouses Are Taking Over Customer Data Platforms (55:32) - Finding Career Balance Through Self Reflection Summary: Kevin rebuilt his career around the work that fuels him. After years leading teams at Segment, Retool and Common Room, he walked away from politics and board decks to create a “super IC” role focused on experiments, product evangelism, and hands‑on growth. He applies that same mindset to go‑to‑market: strip out the bloat, ditch templated outreach, and use real buyer behavior to build small, personal campaigns. He treats AI as an amplifier for skilled marketers, using it to speed research and sharpen ideas, while relying on human judgment to make the output work. Even visibility, once draining for him, became a muscle he trained through repetition. 
Kevin's story is a guide for marketers who want less political fluff, more impact, and roles built around the work they actually love to do.

About Kevin

Kevin White is a seasoned go-to-market leader with over 20 years of experience driving growth for high-growth SaaS companies. He's held senior roles at Gigya, SingleStore, HackerOne, and Twilio Segment, where he built demand generation engines and scaled marketing operations during critical growth stages.

Most recently, Kevin led marketing at Retool and advanced through multiple leadership roles at Common Room, from Head of Demand Generation to Head of Marketing, and now Head of GTM Strategy. He has also advised innovative startups like Ashby, Gretel.ai, and Deepnote, helping them refine their go-to-market strategies and accelerate adoption.

How to Design a Super IC Role for Senior Marketers

Climbing the marketing ladder feels like progress until you realize the work at the top is entirely different. Kevin spent years running teams at Retool and Common Room. He managed a dozen people, dealt with SDR team politics, prepared board updates, and handled internal marketing. Those tasks ate up his time and dulled his energy for the work that made him great in the first place. “My day-to-day was full of things I didn't enjoy. One-on-ones, internal marketing, SDR team drama, board updates. None of it felt like what I wanted to be doing,” he said.

Kevin thrived in the early-stage chaos. He loved being the first marketer, building programs from scratch, experimenting with growth channels, and connecting directly with customers. Those environments let him create instead of coordinate. He could see the direct impact of his work and feel close to the product. As companies grew, that hands-on work disappeared. He became a coach, a manager, and a political operator. For someone who values doing over directing, that was a poor fit.

He worked with Common Room's CEO to design a role that put him back in his zone. 
Now, as Head of GTM Strategy, Kevin functions as a “super IC.” He runs high-leverage growth experiments, drives product evangelism, and collaborates with a few freelancers instead of managing a team. That way he can focus on the work that delivers impact while avoiding the politics and administrative load that drained him. It is a custom role built around his strengths, and it brought back his enthusiasm for the job.

Kevin's thinking extends beyond his role. He shared how Common Room rethought sales development. They hired an excellent manager who knows how to attract and retain elite talent. Then they paid those top performers well above the market rate. “Harry is one of our SDRs,” Kevin explained. “We pay him a good amount because he produces outsized results. That playbook works.” In Kevin's view, companies should build alternative tracks for individual contributors and reward them based on their production, not their willingness to manage people.

Key takeaway: Create roles that match strengths instead of forcing people up a management ladder. Build paths for senior individual contributors who can deliver massive value without leading teams. Pay top performers according to their impact, not their title. If you manage teams, audit which roles could benefit from this model and where high-performers need more autonomy. If you are an individual contributor, consider what a custom role would look like that keeps you close to the work you do best.

Building Confidence With Public Visibility as an Introverted Leader

Public visibility exhausts many introverted leaders. Kevin describes finishing a full day at a conference feeling drained, running only on caffeine to get through the next one. Sharing his voice on LinkedIn or recording videos once felt unbearable. Even now, he admits to taking multiple tries before posting anything. 
Despite that discomfort, he continues to do it because the repetition has transformed the work from a chore into a habit.

“I was mortified at myself when I first started recording things,” Kevin said. “But I kept hearing people say how helpful it was, and that positive reinforcement made it easier.”

Kevin builds on small steps instead of waiting for confidence to appear. He creates a cycle where he pushes himself into uncomfortable situations, collects positive feedback, and uses that reinforcement to do it again. Over time, the acts that once caused him anxiety, like posting thought pieces or speaking publicly, have become regular parts of his work.

He views visibility as a skill that can be practiced. Instead of thinking in terms of strengths or weaknesses, he treats every new action as training. This perspective removes the pressure to “perform” and reframes the process as building a muscle. That makes posting online, speaking at events, and showing up in public spaces a set of learnable behaviors rather than personal traits.

You can use his approach:
• Start with small, low-stakes actions like sharing short ideas on LinkedIn.
• Progress to more challenging mediums such as podcasts or short recorded demos.
• Save positive responses to use as reminders when your motivation dips.
• Treat every effort as practice, which builds resilience and lowers fear over time.

Key takeaway: Confidence grows through repetition. Build it by starting with small visibility actions, collecting reinforcement, and gradually increasing the difficulty of your public presence. That way you can turn something that drains you into a manageable, even natural, part of your role.

Using Empathy and Demos to Build Authentic GTM Strategies

Kevin remembers the grind of stitching together spreadsheets, Zaps, and Salesforce automat...
Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google's “Big Sleep” project, XBOW's HackerOne automation hype, and the long-running tension between big tech ownership of critical security tools and the community's need for open access. Plus, the future of SOC automation and AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs, and the strategic implications of China's AI model development. Cast: Brandon Dixon (https://www.linkedin.com/in/brandonsdixon/), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), and Ryan Naraine (https://twitter.com/ryanaraine).
Founder and CTO Alex Rice discusses how HackerOne uses generative AI to automate security workflows and prioritizes accuracy over efficiency to achieve end-to-end outcomes.

Topics Include:
• HackerOne uses ethical hackers and AI to find vulnerabilities before criminals
• White hat hackers stress test systems to identify security weaknesses proactively
• Generative AI plays a huge role in HackerOne's security operations
• Security teams struggle with constant toil of finding and fixing vulnerabilities
• AI helps minimize toil through natural language interfaces and automation
• Both good and bad actors have access to generative AI tools
• Success requires measuring individual task inputs and outputs, not just aggregates
• Breaking down workflows into granular tasks reveals measurable AI improvements
• HackerOne deployed "Hive," their AI security agent to reduce customer toil
• Initial focus was on tasks where AI clearly outperformed humans
• Started with low-hanging fruit before tackling more complex strategic workflows
• Accuracy is the primary success metric, not just efficiency or speed
• Security requires precision; wrong fixes create bigger problems than inefficiency
• Customer acceptance and reduced time to remediation are north star metrics
• Humans remain the source of truth for validation and feedback loops
• Break down human jobs into granular AI tasks using systems thinking
• Build specific agents for individual tasks rather than entire job roles
• Keep humans accountable for end-to-end outcomes to maintain customer trust
• AWS Bedrock chosen for security, confidentiality, and data separation requirements
• Moving from efficiency improvements to entirely new AI-enabled capabilities

Participants:
• Alex Rice – Founder & CTO/CISO, HackerOne

Further Links:
• HackerOne Website
• HackerOne on AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion of cybersecurity startup XBOW's recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for […] The post Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever appeared first on Shared Security Podcast.
Drex covers three critical cybersecurity developments: Expo's groundbreaking AI-powered penetration testing system dominates HackerOne with over 1,000 vulnerabilities found, Microsoft redesigns the iconic Blue Screen of Death after 40 years, and the Scattered Spider ransomware group pivots from insurance to airline industry attacks using advanced social engineering and deepfakes. Remember, Stay a Little Paranoid.
The new cybersecurity pioneers aren't chasing alerts, they're building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when machines fill the gaps we used to grow into? In this episode, Chris Cochran, CEO and Founder of Commandant, returns to Hacker Valley Studio with an insider view on building in the AI boom. He shares why he's betting on incident response over the “AI SOC,” what it means to use AI with integrity, and how this moment mirrors the early industrial revolutions: chaotic, risky, but ripe with once-in-a-career opportunity. Impactful Moments: 00:00 – Introduction 02:11 – Launch of Commandant AI 03:06 – Early-stage LLM opportunities 05:26 – Built first AI co-pilot in 4 hours 06:00 – AI bot tops HackerOne leaderboard 07:44 – AI used for and against orgs 10:14 – Focus on incident response, not AI SOC 12:34 – Reducing cost of prolonged incidents 14:01 – Cybersecurity changing every 2 months 16:58 – AI causing rapid skill loss 21:59 – AI-assisted job interviews detected 24:49 – AI lacks business context for blocking 27:30 – Daily AI use pays long-term dividends Links: Connect with our guest, Chris Cochran: https://www.linkedin.com/in/chrishvm/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we're back with part 2 of Rez0's miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor - ThreatLocker User Store
https://www.criticalthinkingpodcast.io/tl-userstore
====== This Week in Bug Bounty ======
Earning a HackerOne 2025 Live Hacking Invite
https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite
HTTP header hacks: basic and advanced exploit techniques explored
https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation
====== Resources ======
Grep.app
https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js
Gemini 2.5 Pro prompt leak
https://x.com/elder_plinius/status/1913734789544214841
Pliny's CL4R1T4S
https://github.com/elder-plinius/CL4R1T4S
O3
https://x.com/pdstat/status/1913701997141803329
====== Timestamps ======
(00:00:00) Introduction
(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak
(00:11:09) Delivery and impactful action
(00:20:44) Mastering Prompt Injection
(00:30:36) Traditional vulns in Tool Calls, and AI Apps
(00:37:32) Exploiting AI specific features
In this episode of Crazy Wisdom, I, Stewart Alsop, sit down with Naman Mishra, CTO of Repello AI, to unpack the real-world security risks behind deploying large language models. We talk about layered vulnerabilities—from the model, infrastructure, and application layers—to attack vectors like prompt injection, indirect prompt injection through agents, and even how a simple email summarizer could be exploited to trigger a reverse shell. Naman shares stories like the accidental leak of a Windows activation key via an LLM and explains why red teaming isn't just a checkbox, but a continuous mindset. If you want to learn more about his work, check out Repello's website at repello.ai.

Check out this GPT we trained on the conversation!

Timestamps
00:00 - Stewart Alsop introduces Naman Mishra, CTO of Repello AI. They frame the episode around AI security, contrasting prompt injection risks with traditional cybersecurity in ML apps.
05:00 - Naman explains the layered security model: model, infrastructure, and application layers. He distinguishes safety (bias, hallucination) from security (unauthorized access, data leaks).
10:00 - Focus on the application layer, especially in finance, healthcare, and legal. Naman shares how ChatGPT leaked a Windows activation key and stresses data minimization and security-by-design.
15:00 - They discuss red teaming, how Repello AI simulates attacks, and Anthropic's HackerOne challenge. Naman shares how adversarial testing strengthens LLM guardrails.
20:00 - Conversation shifts to AI agents and autonomy. Naman explains indirect prompt injection via email or calendar, leading to real exploits like reverse shells—all triggered by summarizing an email.
25:00 - Stewart compares the Internet to a castle without doors. Naman explains the cat-and-mouse game of security—attackers need one flaw; defenders must lock every door. 
LLM insecurity lowers the barrier for attackers.
30:00 - They explore input/output filtering, role-based access control, and clean fine-tuning. Naman admits most guardrails can be broken and only block low-hanging fruit.
35:00 - They cover denial-of-wallet attacks—LLMs exploited to run up massive token costs. Naman critiques DeepSeek's weak alignment and state bias, noting training data risks.
40:00 - Naman breaks down India's AI scene: Bangalore as a hub, US-India GTM, and the debate between sovereignty vs. pragmatism. He leans toward India building foundational models.
45:00 - Closing thoughts on India's AI future. Naman mentions Sarvam AI, Krutrim, and Paris Chopra's Loss Funk. He urges devs to red team before shipping—"close the doors before enemies walk in."

Key Insights

AI security requires a layered approach. Naman emphasizes that GenAI applications have vulnerabilities across three primary layers: the model layer, infrastructure layer, and application layer. It's not enough to patch up just one—true security-by-design means thinking holistically about how these layers interact and where they can be exploited.

Prompt injection is more dangerous than it sounds. Direct prompt injection is already risky, but indirect prompt injection—where an attacker hides malicious instructions in content that the model will process later, like an email or webpage—poses an even more insidious threat. Naman compares it to smuggling weapons past the castle gates by hiding them in the food.

Red teaming should be continuous, not a one-off. One of the critical mistakes teams make is treating red teaming like a compliance checkbox. Naman argues that red teaming should be embedded into the development lifecycle, constantly testing edge cases and probing for failure modes, especially as models evolve or interact with new data sources.

LLMs can unintentionally leak sensitive data. 
In one real-world case, a language model fine-tuned on internal documentation ended up leaking a Windows activation key when asked a completely unrelated question. This illustrates how even seemingly benign outputs can compromise system integrity when training data isn't properly scoped or sanitized.Denial-of-wallet is an emerging threat vector. Unlike traditional denial-of-service attacks, LLMs are vulnerable to economic attacks where a bad actor can force the system to perform expensive computations, draining API credits or infrastructure budgets. This kind of vulnerability is particularly dangerous in scalable GenAI deployments with limited cost monitoring.Agents amplify security risks. While autonomous agents offer exciting capabilities, they also open the door to complex, compounded vulnerabilities. When agents start reading web content or calling tools on their own, indirect prompt injection can escalate into real-world consequences—like issuing financial transactions or triggering scripts—without human review.The Indian AI ecosystem needs to balance speed with sovereignty. Naman reflects on the Indian and global context, warning against simply importing models and infrastructure from abroad without understanding the security implications. There's a need for sovereign control over critical layers of AI systems—not just for innovation's sake, but for national resilience in an increasingly AI-mediated world.
In this episode of The Eric Ries Show, I sit down with Marten Mickos, a serial tech CEO who has been at the forefront of some of the most transformative moments in open-source technology. From leading MySQL through its groundbreaking journey to guiding HackerOne as a pioneering bug bounty platform, Marten's career is a masterclass in building innovative, trust-driven organizations.
Our wide-ranging conversation explores Marten's remarkable journey through tech leadership, touching on his experiences building game-changing companies and, more recently, his work coaching emerging CEOs. We dive deep into the world of open source, company culture, and the nuanced art of leadership.
In our conversation today, we talk about the following topics:
• How MySQL revolutionized open-source databases and became Facebook's database
• The strategic decision to make MySQL open source and leverage Linux distributions
• The art of building a beloved open-source project while creating a profitable business model
• How a lawsuit solidified MySQL's position in the open-source database market
• The role of transparency and direct feedback in building organizational trust
• Why Marten was drawn to HackerOne's disruptive approach to cybersecurity
• Marten's transition to coaching new CEOs
• Marten's unique "contrast framework" for making complex decisions
• And much more!
—
Brought to you by:
• Wilson Sonsini – Wilson Sonsini is the innovation economy's law firm. Learn more.
• Gusto – Gusto is an easy payroll and benefits software built for small businesses. Get 3 months free.
—
Where to find Marten Mickos:
• LinkedIn: https://www.linkedin.com/in/martenmickos/
• Bluesky: https://bsky.app/profile/martenmickos.bsky.social
—
Where to find Eric:
• Newsletter: https://ericries.carrd.co/
• Podcast: https://ericriesshow.com/
• YouTube: https://www.youtube.com/@theericriesshow
—
In This Episode We Cover:
(00:00) Intro
(03:15) The first time Eric used MySQL
(07:10) The origins of MySQL and how Marten got involved
(13:22) Why MySQL pivoted to open source to leverage the power of Linux distros
(17:03) Open source vs. closed
(18:56) Building profitable open-source companies
(24:52) The fearless company culture at MySQL and the Progress lawsuit
(29:30) The value of not cutting any corners
(33:35) How a dolphin became part of the MySQL logo
(35:55) What it was like to build a company of true believers
(38:47) Marten's management approach emphasizes kindness and direct feedback
(42:12) Marten's hiring philosophy
(45:14) Why MySQL sold to Sun Microsystems and tried to avoid Oracle
(50:24) How Oracle has made MySQL even better
(52:22) Why Marten decided to lead at HackerOne
(55:41) An overview of HackerOne
(59:31) How HackerOne got started and landed the Department of Defense contract
(1:03:19) The trust-building power of transparency
(1:08:30) Marten's successor and the state of HackerOne now
(1:09:23) Marten's work coaching CEOs
(1:14:20) Common issues CEOs struggle with
(1:16:45) Marten's contrast framework
(1:26:12) The book of Finnish poetry that inspired Marten's love of polarities
—
You can find the transcript and references at https://www.ericriesshow.com/
—
Production and marketing by https://penname.co/. Eric may be an investor in the companies discussed.
In this episode of the Risk Management Show, we debunk common bug bounty myths and explore what risk managers need to know to enhance their cyber security strategies. Joining us is Will Kapcio, Sales Engineer Manager at HackerOne, the world leader in hacker-powered security. Will shares expert insights into the realities of bug bounty programs, how private initiatives often outperform public ones, and the critical role they play in identifying vulnerabilities that evade traditional testing methods. We also discuss the findings of HackerOne's latest Hacker-Powered Security Report, including the top vulnerabilities organizations still struggle with, the impact of AI on both attackers and defenders, and practical advice for launching and scaling a successful bug bounty program. Whether you're a Chief Risk Officer, cyber security professional, or simply interested in the intersection of risk management and sustainability, this episode is packed with actionable insights. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal." Don't miss this invaluable di
In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the dissolution of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.
How the Change Healthcare breach can prompt real cybersecurity change
'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.
Segment Resources:
• Microsoft Defender for Cloud Natively Integrates with Endor Labs
• 2024 Dependency Management Report
• How to pick the right SAST tool
In the enterprise security news,
• Change Healthcare's HIPAA fine is vanishingly small
• How worried should we be about the threat of AI models?
• What about the threat of DeepSeek?
• And the threat of employees entering sensitive data into GenAI prompts?
• The myth of trillion-dollar cybercrime losses is alive and well!
• Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
• Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
• What is the most UNHINGED thing you've ever seen a security team push on employees?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-395
In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the dissolution of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.
How the Change Healthcare breach can prompt real cybersecurity change
Show Notes: https://securityweekly.com/esw-395
Kara Sprague is the Chief Executive Officer at HackerOne. In this episode, she joins host Amanda Glassner to discuss her experience as a woman in cybersecurity, the benefits that diverse perspectives bring to a leadership team, the value of recruitment and retention, and more, as well as what's next for HackerOne. • For more on cybersecurity, visit us at https://cybersecurityventures.com
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time that enterprises globally are trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.
Segment Resources:
• https://www.hackerone.com/ai/snap-ai-red-teaming
• https://www.hackerone.com/thought-leadership/ai-safety-red-teaming
This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach.
In this week's enterprise security news,
• the first cybersecurity IPO in 3.5 years!
• new companies
• new tools
• the fate of CISA and the cyber safety review board
• things we learned about AI in 2024
• is the humanless SOC possible?
• NGFWs have some surprising vulnerabilities
• what did generative music sound like in 1996?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-391
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time that enterprises globally are trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.
Segment Resources:
• https://www.hackerone.com/ai/snap-ai-red-teaming
• https://www.hackerone.com/thought-leadership/ai-safety-red-teaming
Show Notes: https://securityweekly.com/esw-391
Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner sits down with Sharon to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - ThreatLocker: Check out Network Control!
https://www.criticalthinkingpodcast.io/tl-nc
And AssetNote: Check out their ASMR board (no not that kind!)
https://assetnote.io/asmr
Today's Guest: https://sharonbrizinov.com/
Resources
The Claroty Research Team
https://claroty.com/team82
Pwntools
https://github.com/Gallopsled/pwntools
Scan My SMS
http://scanmysms.com
Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS
https://www.youtube.com/watch?v=EhNsXXbDp3U
Timestamps
(00:00:00) Introduction
(00:03:31) Sharon's Origin Story
(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne
(00:47:05) IoT/ICS Hacking Methodology
(01:10:13) Cloud to Device Communication
(01:18:15) Bug replication and uncommon attack surfaces
(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS
In this episode of "Screaming in the Cloud," we're making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he's responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You'll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there's anything you can take away from this episode, it's that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.
Show Highlights
(0:00) Intro
(0:38) Backblaze sponsor read
(1:06) The role of AWS' security team outreach group
(2:21) The nuance of the Vulnerability Disclosure Program
(4:05) Will the VDP program replace human interactions
(10:08) Response disclosure vs. coordinated disclosure
(15:26) The high-quality communication of the AWS security team
(17:33) Gitpod sponsor read
(18:45) Security researchers vs. "security researchers"
(25:54) What's next for the VDP Program?
(29:26) Avoiding "security by obscurity"
(32:08) Being intentional with security messaging
(36:16) Where you can find more from Ryan
About Ryan Nolette
Ryan is AWS's Senior Security Engineer for the Outreach Team and CoAuthor of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.
Links
AWS VDP on HackerOne: hackerone.com/aws_vdp
AWS VDP inbox: aws-security@amazon.com
LinkedIn: www.linkedin.com/in/cloudy-with-a-chance-of-security
AWS Vulnerability Reporting site: https://aws.amazon.com/security/vulnerability-reporting/
Give your feedback on the recently expanded VDP program: https://pulse.aws/survey/MOOFGRLM
Sponsors
Backblaze: https://www.backblaze.com/
Gitpod: gitpod.io
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
• Aaron's blog about the ServiceNow data exposure.
• The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
• Eon, Resolve AI, Harmonic and more raise funding
• Dragos acquires Network Perception
• Prevalent acquires Miratech
• The latest DFIR reports
• A spicy security product review
• Secure by Whatever
• New threats
• Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
On this episode of The Table with Anthony ONeal, we're joined by Arlan Hamilton, founder of Backstage Capital and HireRunner.co, remarkable entrepreneur, author, investor, and speaker. She shares invaluable insights on entrepreneurship, the start of her investment journey, and how she made her first million dollars at 40 years old. Arlan's story is a testament to resilience and determination, proving the power of perseverance and that it's never too late to transform your financial future.
On this episode of The Table with Anthony ONeal, we welcome Latasha Morrison, New York Times bestselling author of "Be The Bridge." Latasha shares insights from her latest book, "Brown Faces, White Spaces: Confronting Systemic Racism to Bring Healing and Restoration." She discusses her life journey, the ongoing struggle for equality and equity for Black people, and the history of redlining. Latasha's profound understanding of systemic racism provides a roadmap for healing and restoration, making this episode an essential listen for anyone committed to social justice. Join us as we delve into her powerful message and learn how we can all contribute to a more equitable society.
On this episode of The Table with Anthony ONeal, we explore alternative strategies for wealth building that don't rely solely on the traditional 40-hour workweek. AO dives deep into the importance of prioritizing budgeting to manage finances effectively and discusses the benefits of pursuing entrepreneurship as a path to financial success. Join us as we share insights, tips, and actionable advice to help you achieve financial freedom and create a more flexible and fulfilling lifestyle.
On this episode of The Table with Anthony ONeal, Travis Greene joins to share his profound insights on aligning your desires with God's plan. Travis discusses the importance of asking what God wants for you, rather than just focusing on your own wants. He and AO delve into the necessity of learning how to plan without succumbing to jealousy towards others who may seem to be succeeding. Travis emphasizes that God's plan for you is unique, and there's no need to compare your journey with anyone else's. Tune in to gain valuable wisdom on finding peace and purpose in God's path for your life.
On this episode of The Table with Anthony ONeal, we share five transformative books that can lead you to generational wealth. AO carefully selected each book to provide valuable insights, strategies, and inspiration for achieving financial success. From timeless classics to modern gems, these books cover a range of topics such as wealth mindset, investment strategies, personal finance management, and entrepreneurship. Tune in as we explore how these books can empower you with the knowledge and tools needed to make informed decisions, build wealth, and create a prosperous future. Don't miss out on this enriching episode filled with actionable wisdom! This show is sponsored and brought to you by Better Help!
On this episode of The Table with Anthony ONeal, we sit down with Marilyn Mosby, who was wrongfully convicted of two counts of perjury and one count of mortgage fraud, potentially facing up to 40 years in federal prison. As her sentencing date approaches on May 23, 2024, civil rights organizations, including the NAACP, rally for a presidential pardon for Mosby. Join us as she courageously shares her side of the story, shedding light on the challenges of navigating the legal system and advocating for justice. Tune in to gain insights into Mosby's journey and the broader implications of her case on civil rights and the justice system.
On this episode of The Table with Anthony O'Neal, we share the vital strategies for selling your car without overpaying. Before stepping into the market, it's essential to define your preferences and requirements clearly. AO guides you through the process of evaluating your needs, setting a budget, and conducting comprehensive research to uncover the best opportunities. With a solid understanding and a strategic approach, you'll navigate the car-selling journey with confidence, ensuring that you receive optimal value for your vehicle. Tune in to discover actionable insights, make informed choices, and steer clear of common pitfalls in selling your car!
On this episode of The Table with Anthony ONeal, we have the remarkable Bishop Henry Fernandez joining us as we delve into insightful discussions covering a wide range of topics, from faith and finances to building a lasting legacy. Bishop Fernandez shares valuable perspectives on navigating the intersection of faith and wealth, strategies for financial stewardship, and the importance of leaving a meaningful legacy. We also explore the dynamics of dating in the context of faith and personal values, offering practical advice and wisdom for those seeking meaningful relationships. Tune in for an engaging and enlightening conversation with Bishop Henry Fernandez!
On this episode of The Table with Anthony ONeal, Sarah Jakes Roberts joins to discuss her latest book "Power Moves." Sarah dives deep into the concept of power moves, offering a fresh perspective that challenges common assumptions. During this candid conversation with AO, Sarah delves into the realities of building a successful marriage, sharing invaluable insights and advice. Don't miss this opportunity to gain wisdom on personal growth, relationships, and the true essence of making impactful moves in your life. Sarah's authenticity and expertise make this episode a must-watch!
On today's Build Your Table Live, AO shares his thoughts on the implications of the possible TikTok ban and how this will reshape the social media scene. He also touches on the FTC's decision to outlaw noncompetes, analyzing its effects on businesses and employees alike, and delves into the controversial topic of teachers being allowed to carry firearms, examining the arguments for and against this policy. Join us as we navigate these important issues and uncover their significance in today's rapidly evolving world. ▶️ Watch the full episode here: https://youtube.com/live/xp6kk7b6EsQ
On this episode of The Table with Anthony ONeal, we delve into the crucial numbers you need to track for effective wealth building. From understanding your essential expenses like housing, utilities, food, transportation, and child care to the importance of tracking for budgeting and identifying potential savings, AO covers it all! We also discuss what percentage of your income housing expenses should not exceed and share valuable insights on debt management strategies. Join us as we break down these key financial metrics to empower you with the knowledge to make informed decisions for a stronger financial future. This show is sponsored and brought to you by Better Help!
On this episode of The Table with Anthony ONeal, we share the essential strategies for avoiding overpaying when purchasing a car. Before diving into the market, it's crucial to gain a clear understanding of your wants and needs. AO explores how to assess your requirements, set a budget, and conduct thorough research to find the best deals. By equipping yourself with knowledge and a well-defined plan, you can navigate the car-buying process confidently and ensure that you get the most value for your money. Tune in to learn how to make informed decisions and avoid common pitfalls in car purchases!
On this episode of The Table with Anthony ONeal, we take a closer look at the common traits shared by Black Billionaires in their journey to generational wealth. From resilience and innovation to strategic decision-making, AO shares the key lessons that can be learned from their success stories. By studying their approaches and mindset, we can gain valuable insights into building wealth and achieving financial success. Tune in to learn the secrets of Black Billionaires and how you too can apply these principles to your own path towards financial freedom! Mentioned On Today's Show:
On today's Build Your Table Live, AO shares crucial money lessons that schools overlooked, from basic budgeting and financial planning to understanding investments. Tune in as AO gives practical tips for managing money, building wealth, and securing financial freedom. Whether you're a recent graduate or a seasoned professional, today's Live is a must-watch to fill the gaps in your financial education. Don't miss out on learning the vital money lessons that can profoundly impact your financial well-being and future success! ▶️ Watch the full show here: https://youtube.com/live/yzvppWHGevk Mentioned On Today's Live:
Hey E3 fam! I'll be in Houston, Texas and Charlotte, North Carolina this week! Here are three compelling reasons why you NEED to be in the building: First, you'll gain invaluable financial education that can shape your financial future. Second, you'll have the amazing opportunity to network and connect with like-minded individuals. Lastly, you'll have access to expert advice from several leaders in their respective fields. Don't miss out on these exclusive events that promise to empower and enlighten you on your financial and spiritual journey!